It seems like a buildbot would be a great application to put on a live CD image... have it boot and run... possibly even no hard drive. It would even be possible to set up a cron job to reboot (view as purging memory based nasties). It is hard to hack a cdrom filesystem!

cheers

On Fri, 2008-11-14 at 23:47 +0100, Michael Buesch wrote:
> On Friday 14 November 2008 23:34:27 Jon Elson wrote:
> > Michael Buesch wrote:
> > > I don't think there is a solution for this, however.
> > > If you want to run a component of the repository (be it the makefile or
> > > the setuid programs themselves) as root, you need to trust your committer.
> > >
> > You can set sudo to allow only specific programs from specific
> > directories to be executed.
> > That includes even specific system commands, like cp, mv, mkdir, etc.
>
> Yeah, well. But we _want_ the setuid applications from the emc2 repository
> to run as root. And a committer has full control over the sources... ;)
> No matter if you use sudo or some other mechanism.
> We use sudo in the first place to get the setuid root bit set on those
> applications the attacker has full sourcecode control over.
>
> So the question really only is:
> 1) Do we need these root hacks to do proper tests?
> 2) If yes, can we set up a sandbox for the test?
> An acceptable sandbox would probably only be to reset the complete
> harddisk image to a known state, make an emc2 checkout/compile/testrun
> and discard the harddisk contents.
>
--
=====================================================================
Lawrence Glaister VE7IT mailto:[EMAIL PROTECTED]
1462 Madrona Drive
Nanoose Bay, B.C.
http://members.shaw.ca/swstuff
Canada V9P 9C9
http://gspy.sourceforge.net
=====================================================================
_______________________________________________
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers
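
Added example, not part of the original thread or of the emc2 project: a small audit that shows why restricting sudo to specific programs and directories does not help when the allowed binary, or the tree it operates on, lives in the checkout a committer controls. The `buildbot` account, all paths, the helper name and the one-line rule format it parses are assumptions made for illustration.

```python
import posixpath
import re

# Constructed sample policy for a hypothetical "buildbot" account; the paths
# and the helper name are illustrative, not taken from the emc2 repository.
SAMPLE_SUDOERS = """\
# build slave rules (constructed)
Defaults env_reset
buildbot ALL = (root) NOPASSWD: /usr/bin/make -C /home/buildbot/emc2/src setuid
buildbot ALL = (root) NOPASSWD: /home/buildbot/emc2/bin/some_setuid_helper, /bin/chown root /home/buildbot/emc2/bin/*
buildbot ALL = (root) NOPASSWD: /usr/sbin/reboot
"""

# Simplified single-line rule: user host = (runas) TAG: cmd, cmd
RULE = re.compile(
    r"^(?P<user>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:[A-Z]+:\s*)*(?P<cmds>.+)$")

def under(path, root):
    """True if path, after resolving '.' and '..', lies inside root."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(sudoers_text, user, untrusted_roots):
    """Return (command, reason) pairs for rules that give `user` root over
    something a committer to the checkout can rewrite."""
    findings = []
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = RULE.match(line)
        if not m or m.group("user") != user:
            continue
        for cmd in (c.strip() for c in m.group("cmds").split(",")):
            argv = cmd.split()
            if any(under(argv[0], r) for r in untrusted_roots):
                findings.append((cmd, "binary is built from the checkout"))
            elif any(under(a, r) for a in argv[1:]
                     for r in untrusted_roots if a.startswith("/")):
                findings.append(
                    (cmd, "trusted binary, but it operates on the checkout"))
    return findings

if __name__ == "__main__":
    for cmd, reason in audit(SAMPLE_SUDOERS, "buildbot", ["/home/buildbot/emc2"]):
        print(f"{reason}: {cmd}")
```

Only the reboot rule passes; every rule that touches the checkout is flagged, which is why the thread ends up at a disposable disk image or read-only boot medium rather than a tighter sudo policy.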